Subject: Re: extending chroot()
To: Steve Bellovin <>
From: Andrew Brown <>
List: tech-security
Date: 01/23/2003 16:36:22
>> systrace can implement access control on source/destination addresses,
>> though i've not tried anything complex with it yet.
>Systrace works just fine for that.  Every application that I run
>on my latop is systraced automatically, that is every xterm runs
>a systraced shell.
>Things like browsers, media players, editors, etc... can be restricted
>fairly simple.  This includes resticting to the network connections
>that applications are allowed to make and so forth.
>There are actually several people in Ann Arbor who run their laptops
>completely systraced.

the one thing that came to mind was "can a systraced program bind to"?  the answer is probably yes, and that systrace cannot
restrict the address to which clients connect (assuming that the host
machine has more than one ip address).  systrace can certainly
restrict the address to which programs bind, but also cannot control
the local address that a socket gets if it is unbound when a connect()
is issued.

i don't see this as a failing of systrace -- merely as something to
consider when "jailing" a program that will make/receive network

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."